{"containers": {"cna": {"providerMetadata": {"dateUpdated": "2018-06-17T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10540. Reason: This candidate is a reservation duplicate of CVE-2016-10540. Notes: All CVE users should reference CVE-2016-10540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"}]}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000023", "datePublished": "2018-06-17T20:00:00", "dateRejected": "2018-06-17T19:57:01", "dateReserved": "2016-07-12T00:00:00", "dateUpdated": "2018-06-17T19:57:01", "state": "REJECTED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10540. Reason: This candidate is a reservation duplicate of CVE-2016-10540. Notes: All CVE users should reference CVE-2016-10540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"}], "id": "CVE-2016-1000023", "lastModified": "2023-11-07T02:29:25.710", "metrics": {}, "published": "2018-06-17T20:29:00.260", "references": [], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Rejected"}

{"affected_release": [{"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-accepts-0:1.3.3-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-express-0:4.13.3-4.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-mime-db-0:1.23.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-mime-types-0:2.1.11-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-negotiator-0:0.6.1-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-accepts-0:1.3.3-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-express-0:4.13.3-4.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-mime-db-0:1.23.0-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-mime-types-0:2.1.11-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-negotiator-0:0.6.1-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1582", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "nodejs010-nodejs-minimatch-0:3.0.2-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1583", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1582", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "nodejs010-nodejs-minimatch-0:3.0.2-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1583", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1582", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "nodejs010-nodejs-minimatch-0:3.0.2-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1583", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1582", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "nodejs010-nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1583", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1582", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "nodejs010-nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1583", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1582", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "nodejs010-nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-08-09T00:00:00Z"}, {"advisory": "RHSA-2016:1583", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nodejs4-nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-08-09T00:00:00Z"}], "bugzilla": {"description": "nodejs-minimatch: Regular expression denial-of-service", "id": "1348509", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348509"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-20", "details": ["This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10540. Reason: This candidate is a reservation duplicate of CVE-2016-10540. Notes: All CVE users should reference CVE-2016-10540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage", "A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU."], "name": "CVE-2016-1000023", "package_state": [{"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "fh-messaging", "product_name": "Red Hat Mobile Application Platform 4"}, {"cpe": "cpe:/a:redhat:mobile_application_platform:4", "fix_state": "Not affected", "package_name": "mbaas", "product_name": "Red Hat Mobile Application Platform 4"}], "public_date": "2016-06-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1000023\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000023\nhttps://nodesecurity.io/advisories/118"], "threat_severity": "Moderate", "upstream_fix": "nodejs-minimatch 3.0.2"}